EC-Council launches CEHv7 Core Concepts on August 17th, an addendum written by real-world penetration testers (pen testers) in order to support CEHv7 students and information security professionals to better understand and apply the subject matter covered in the CEHv7 official curriculum.

Core Concepts adds a layer of depth to the already robust CEHv7 course. Based on the perspective of real-world pen-testers, Core Concepts further develops a detailed understanding of the ideas in CEHv7. Recognizing that the concepts presented in the CEH course are broad, complex and require constant updates, EC-Council has released this addendum to help students gain a more comprehensive understanding of the subject matter as they steer through the various concepts, labs, techniques, best practices, methodologies, and frameworks that are presented in CEH.

To produce Core Concepts, EC-Council appointed a group of highly regarded pen testers with real-world experience to ensure that the real-life applications of CEH are thoroughly covered, beyond what is presented in the courseware or covered by the instructor in class.

According to Jay Bavisi, EC-Council’s CEO, “While the CEH is a product of hundreds of subject matter experts’ contributions, we felt compelled to appoint a couple of the subject matter experts to further elaborate key ethical hacking skills in their own words. We are convinced that this will enrich the entire learning experience of the EC-Council CEH program.”

HOW DO I GET MY CEHv7 CORE CONCEPTS FREE?Effective August 17th, Core Concepts is offered to all EC-Council CEHv7 students free of charges. Please find below how you can redeem this:

New CEHv7 students are required to fill up their EC-Council Course Evaluation (the steps to complete the course evaluation can be found on 2nd page of the CEHv7 official courseware) and opt “YES” to receive the Core Concepts and other benefits from EC-Council. Existing CEHv7 students who had completed their EC-Council Course Evaluation will receive an e-mail from EC-Council on how to redeem their Core Concepts within 3 business days. Students who attended CEHv7 official training and has yet to fill up EC-Council Course Evaluation, what are you waiting for? Fill up the EC-Council Course Evaluation (the steps can be found in 2nd page of the CEHv7 official courseware) and opt “YES” to receive your Core Concepts. Students who have access to CEHv7 Academia iLearn, iClass iLearn, digital courseware, or e-courseware will have their Core Concepts pre-bundled in their account.

Cyber.spirit wrote:C|EH is a great certificate (much better than sec+!) but it will never make u a real hacker.

C|EH and Security + aren't comparable. Security + focuses on the theory and concepts of security in general. C|EH focuses on tools and attack methodology. They are both trying to achieve different objectives.

One of the many questions we see on these forums is "How do I... - ...get into info sec? ...become a hacker? ...become a pen tester? ...etc"

And it all really matters on where you come from. Are you a heavy coder? Do you have any experience in IT? Or, are you in college looking to direct your future career?

C|EH is definitely more for the HR filter test. It also gives the warm and fuzzies to non-technical hiring managers. If you don't have the years of experience and skill to back you up, it would certainly help get past some obstacles. But it gives you a broad overview of penetration testing and hacking techniques. It provides enough for you to know about the different areas and skills but not enough to master them. It does also provide the "ethical" portion of the learning. What makes one different from other "hackers" if one is a C|EH? Not a whole heck of a lot really. Those that want to do good things know the difference between right and wrong and will choose the right path. Those that don't want to, also know the difference but still choose the other path. Or something like that

Security+ is a great place to start for those who haven't been able to dip their toes into the InfoSec realm as much as the rest of us. It would probably be your helpdesk types, desktop support etc. Those that know the basics of computers and networking but lack some of the security knowledge. I like to think of it as Intro to InfoSec or SEC101. It will allow those beginner types to start building on that base they may already have. It too will help get them in the door, maybe not for the rock start pen tester job, but definitely for say the lv1 Security Operations Center position.

Then again I have neither. So I can be just blowing a ton of smoke If I were hiring people and it came down to 2 choices, one had maybe some MS certs and Sec+ along with a couple years of experience... The other with maybe the same years but only a C|EH to show for it, I would go with the one with proven technical knowledge and the Sec+. I've met too many CISSP/C|EH types that couldn't tell me the difference between an RJ45 and RJ11 connector. Not to mention never standing up a server into production and such.

Just my thoughts but I don't think anyone has addressed what "core concepts" in fact is. That aside I think CEH is marketed to much on what it isn't instead of what it is a entry level cert for understanding hacker methodology and the tools/techniques used. For me it got the job done. The experience learning it makes some GIACs a bit more attainable. Personally I think what CEH needs is a practical something like what SANS use to do with their certs.

I agree with 3xban and m0wgli. When trying break into pen testing it really does depend on your background. I have never done CEH but from speaking to people in security I know its not a cert they don't value as much as others. I think this one the main reason I have not done that course.

I agree with m0wgli that security + and CEH are two different course I would say security + is more similar to CISSP but has a smaller scope area. And from what I remember it more about underlying concepts of security. Where CEH is about tools and concepts and is very tools based.

Picking the right course is hard but it really does depend on your background my aim is to do:

OSWPHackingdojoElearnSsecuritytube PythonOSCPCrest/Tiger Team MemberCrest/Tiger Team Leader

My aim is to build up my skill as I know for really good pen testing that the CREST/Tiger courses are very hard. This way seem to be working for me I have covered the CEH, security + and bits of CISSP material but never wanted to do the exam.